CLAIMS 

Claim 1. A method of identity vectoring using chained mapping records, the method including:

comparing a distinguished name or a partial distinguished name with a plurality of mapping records;

replacing a variable from a first matching mapping record with an environmental factor to create a first search criteria, the first matching mapping record indicating the distinguished name or the partial distinguished name; and

comparing the first search criteria with the plurality of mapping records.



Claim 2. The method of claim 1, further including:

generating a security context control block using a user identification from a second matching mapping record, the second matching mapping record indicating the first search criteria.



Claim 3. The method of claim 1, further including:

replacing a variable from a second matching mapping record with an environmental factor to create a second search criteria, the second matching mapping record indicating the first search criteria.

Claim 4. The method of claim 3, further including:

generating a security context control block using a user identification from a third matching mapping record, the third matching mapping record indicating the second search criteria.



Claim 5. The method of claim 1, further including:

eliminating a portion of an X.500 distinguished name to create the partial distinguished name used in said comparing the partial distinguished name with the plurality of mapping records.






Claim 6. The method of claim 1, further including:

generating a security content control block using a user identification from the first matching mapping record if the first matching mapping record includes the user identification.



Claim 7. The method of claim 1, further including:

providing an X.500 distinguished name for use as the distinguished name used in said comparing the distinguished name with the plurality of mapping records.

Claim 8. The method of claim 1, further including:

providing a system status for use as the environmental factor for said replacing the variable.



Claim 9. A system for identity mapping using chained mapping records, the system including:

a digital certificate including a distinguished name;

a distinguished name mapping record indicative of at least a portion of said distinguished name, said distinguished name mapping record including a first data field, said first data field including a first variable indicative of a first environmental factor;

a first criteria mapping record corresponding to a first state of said first environmental factor, said first criteria mapping record including a second data field, said second data field including a first user identity; and

a mapping process configured to receive said digital certificate, wherein said mapping process generates a security content control block using said first user identity in response to said first state of said first environmental factor.

Claim 10. The system of claim 9, further including:

a second criteria mapping record corresponding to a second state of said first environmental factor, said second criteria mapping record including a third data field, said third data field including a second user identity; and

wherein said mapping process is further configured to generate a security context control block using said second user identity in response to said second state of said first environmental factor.



Claim 11. The system of claim 9, further including:

a second criteria mapping record corresponding to a second state of said first environmental factor, said second criteria mapping record including a third data field, said third data field including a second variable indicative of a second environmental factor;

a third criteria mapping record corresponding to said second environmental factor, said third criteria mapping record including a fourth data field, said fourth data field including a second user identity; and

wherein said mapping process is further configured to generate a security context control block using said second user identity in response to said second state of said first environmental factor and said third environmental factor.

Claim 12. The system of claim 9, wherein said distinguished name is an X.500 distinguished name.



Claim 13. The system of claim 10, wherein said first user identity represents a first level of network authorization, and said second user identity represents a second level of network authorization.



Claim 14. The system of claim 9, wherein said first environmental factor is a network status at the time said digital certificate is received by said mapping process.



Claim 15. The system of claim 9, wherein said first environmental factor is an application status at the time said digital certificate is received by said mapping process.



Claim 16. The system of claim 9, wherein said first environmental factor is included in said digital certificate.

Claim 17. A storage medium encoded with machine-readable computer program code for mapping name space identities to digital certificates, the storage medium including instructions for causing a computer to implement a method comprising:

comparing a distinguished name or a partial distinguished name with a plurality of mapping records;

replacing a variable from a first matching mapping record with an environmental factor to create a first search criteria, the first matching mapping record indicating the distinguished name or the partial distinguished name; and

comparing the first search criteria with the plurality of mapping records.



Claim 18. The storage medium of claim 17 further comprising instructions for causing a computer to implement:

generating a security context control block using a user identification from a second matching mapping record, the second matching mapping record indicating the first search criteria.



Claim 19. The storage medium of claim 17 further comprising instructions for causing a computer to implement:

replacing a variable from a second matching mapping record with an environmental factor to create a second search criteria, the second matching mapping record indicating the first search criteria.

Claim 20. The storage medium of claim 19 further comprising instructions for causing a computer to implement:

generating a security context control block using a user identification from a third matching mapping record, the third matching mapping record indicating the second search criteria.



Claim 21. The storage medium of claim 17 further comprising instructions for causing a computer to implement:

eliminating a portion of an X.500 distinguished name to create the partial distinguished name used in said comparing the partial distinguished name with the plurality of mapping records.

Claim 22. The storage medium of claim 17 further comprising instructions for causing a computer to implement:

generating a security context control block using a user identification from the first matching mapping record if the first matching mapping record includes the user identification.

Claim 23. The storage medium of claim 17 further comprising instructions for causing a computer to implement:

providing an X.500 distinguished name for use as the distinguished name used in said comparing the distinguished name with the plurality of mapping records.

Claim 24. The storage medium of claim 17 further comprising instructions for causing a computer to implement:

providing a system status for use as the environmental factor for said replacing the variable.
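
The chained lookup recited in claims 1 through 8, sketched as an added example that is not part of the patent text: the record layout, the `&{name}` variable syntax, the factor names `network` and `app_status`, and the user IDs are all hypothetical. Returning the user ID stands in for generating the security context control block, and any chain that does not end in a user ID fails closed.

```python
import re

VAR = re.compile(r"&\{(\w+)\}")  # hypothetical variable syntax, e.g. &{network}

# Constructed mapping records: key -> ("user", user ID) or ("criteria", template).
RECORDS = {
    "ou=payroll,o=example corp,c=us": ("criteria", "PAYROLL.&{network}"),
    "o=example corp,c=us": ("user", "GUEST01"),
    "PAYROLL.INTRANET": ("criteria", "PAYROLL.INTRANET.&{app_status}"),
    "PAYROLL.INTERNET": ("user", "PAYRO"),
    "PAYROLL.INTRANET.PROD": ("user", "PAYADM"),
    "PAYROLL.INTRANET.TEST": ("user", "PAYTEST"),
}

def match_dn(dn, records):
    """Compare the full DN, then partial DNs made by dropping leading RDNs."""
    # Assumes RDN values contain no escaped commas.
    rdns = [part.strip().lower() for part in dn.split(",")]
    for i in range(len(rdns)):
        key = ",".join(rdns[i:])
        if key in records:
            return key
    return None

def resolve_user(dn, env, records=RECORDS, max_hops=8):
    """Follow chained records until one names a user ID; None means no mapping."""
    key, seen = match_dn(dn, records), set()
    while key in records and key not in seen and len(seen) < max_hops:
        seen.add(key)
        kind, value = records[key]
        if kind == "user":
            return value  # the ID a security context would be built from
        try:
            # Replace each variable with the current environmental factor.
            key = VAR.sub(lambda m: env[m.group(1)], value)
        except KeyError:
            return None  # factor not supplied: fail closed
    return None  # no matching record, a cycle, or too many hops

if __name__ == "__main__":
    alice = "CN=Alice,OU=Payroll,O=Example Corp,C=US"
    print(resolve_user(alice, {"network": "INTRANET", "app_status": "PROD"}))
    print(resolve_user(alice, {"network": "INTERNET"}))
```

The same certificate maps to different user IDs as the environmental factors change, and a distinguished name with no exact record falls back to the record for its partial distinguished name.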